Pas encore membre ? Inscris-toi gratuitement et débloque des réductions instantanées avec notre adhésion a&o Club.
Deviens membre maintenant - gratuitement !With this data protection notice we would like to inform you as a guest of our hostel (for the sake of simplicity the term "hostel" will be used uniformly for our hostels and hotels in the following) or visitor about the collection, processing and storage of your personal data in our hostels within Europe.
One of the aims of the European Data Protection Basic Regulation (hereinafter abbreviated as DSGVO) and the respective national data protection laws is to ensure that persons affected by data processing are aware of the extent to which their personal data are processed.
Personal data are data that are related to your person or allow an inference to your person (for example your name, your date of birth or your cell phone number). In the following we will refer to this data in short as "data". This always refers to personal data. In the following, "processing of data" refers to any collection, storage or other use of data.
a) Responsible for the general data processing in our hostels
The person responsible for processing your personal data when you visit one of our hostels is the respective a&o operating company in accordance with the DSGVO. The list of operating companies can be found here.
b) Data protection officer
For all questions regarding data protection in connection with data processing in the hostels, you can also contact our data protection officer at any time. He can be reached at the e-mail address: [email protected].
We collect the following personal data in our hostels:
We process personal data in accordance with the provisions of the European Data Protection Regulation (DS-GVO) and the respective national data protection laws.
Your personal data will be processed for the following purposes:
This includes:
The legal basis for this is Art. 6 para. 1 lit. f DSGVO
We restrict access to your personal information to those employees who need it to perform services for you:p>
All our employees are trained in data protection and are obliged to handle your data properly. We continually monitor compliance with data privacy and take disciplinary action if we determine that personal information is being improperly handled. Part of the data processing may be carried out by our service providers. In particular, these may include data centers that store our website and databases, IT service providers that maintain our systems, and consulting firms. If we pass on data to our service providers, they may use the data exclusively for the fulfilment of their tasks. These service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the persons concerned and are regularly monitored by us. In the area of card payment (direct debit/girocard/credit card) we work together with Concardis GmbH, Helfmann-Park 7 65760 Eschborn.
In addition, disclosure may occur in connection with governmental inquiries, court orders, and legal proceedings if necessary for law enforcement or prosecution.
In principle, we store personal data only as long as necessary to fulfill contractual or legal obligations for which we have collected the data. Afterwards, we delete the data immediately, unless we need the data until the expiry of the statutory limitation period for evidence purposes for civil law claims or because of statutory storage obligations. For evidence purposes, we must retain contract data for a further three years from the end of the year in which the business relationship with you ends. Any claims shall become statute-barred after the statutory standard period of limitation at this point in time at the earliest. Even after this period, we still have to store some of your data for accounting reasons. We are obliged to do so because of legal documentation requirements, which may differ from country to country. The periods stipulated there for the retention of documents range from two to ten years. In principle (with some country-specific exceptions), registration forms are kept for one year from the day of arrival and are destroyed within three months of the retention period. However, longer retention periods may apply to registration forms, which also serve to collect tourism and spa fees, due to municipal statutes.
Video recordings in public areas will be automatically overwritten after one week with the recordings made at that time, unless a permanent backup is made beforehand due to a known significant incident.
In our accommodation facilities in Italy, the Czech Republic and Hungary, we are required by law to transmit recorded registration data electronically to the registration authorities.
You have the right to request information about the processing of your personal data by us at any time. In the course of providing you with this information, we will explain the data processing to you and provide you with an overview of the data stored about your person. If data stored by us is incorrect or no longer current, you have the right to have this data corrected. You can also request the deletion of your data. If, in exceptional cases, deletion is not possible due to other legal regulations, the data will be blocked so that you are only available for this legal purpose. You can also have the processing of your data restricted, e.g. if you are of the opinion that the data we have stored is incorrect. You also have the right to data transferability, i.e. that we send you a digital copy of the personal data you have provided us with on request. In order to make your rights as described here applicable, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to prove an adequate level of data protection. In addition, you have the right to object to data processing based on Art. 6 para. 1 letter e or f DSGVO. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You can assert this right at a supervisory authority in the member state of your residence, your place of work or the place of the suspected infringement. The European Commission's overview of the competent data protection authorities for the respective hostel locations can be found here.
By revoking the consent, the legality of the consent until the revocation is to be expected, not to be done. Insofar as we process your data on the basis of interests, interests, Art. 6 Para. 1 lit. f DSGVO, you have the right to object to the exercise of your data payment control, refusal of authorization, which is based on your own situation, which results from the direct situation, which relates to the direct objection, see Art. 21 DSGVO. Last autumn you have a general right of objection, which will be owned by us even without specifying. If you have concerns about the right of revocation or objection, you should send an informal message to the contact details given above.
We maintain current technical measures to ensure data security, in particular to protect your personal data from the dangers of data transfers and from third parties gaining knowledge. These are adapted to the current state of the art. To secure the personal data you provide on our website, we use Transport Layer Security (TLS), which encrypts the information you have entered.
We update this data protection declaration from time to time, for example if we adapt our website or if the legal or official requirements change.
Inscris-toi à notre bulletin d'information WhatsApp dès aujourd'hui !